- name: lint pf configuration
  command: "pfctl -nf {{ pf_configuration_file }}"

- name: enable pf
  command: pfctl -e
  register: result
  failed_when:
    - result.rc != 0
    - "'already enabled' not in result.stderr"

- name: restart pf
  command: pfctl -f "{{ pf_configuration_file }}"